close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Limit login attempts

Thread began 9/12/2010 11:31 pm by Jaffa | Last modified 1/06/2011 5:27 pm by Jason Byrnes | 3033 views | 3 replies |

Jaffa

Limit login attempts

Is there a way to limit login attempts? Using cookies isn't an options due to the fact that a hacker may very well block cookies. ADDT had a great implememtaion of this and wondered how hard it would be in WA?

Cheers

Sign in to reply to this post

Jason ByrnesWebAssist

you can do this using the set session value server behavior of cookies toolkit.

1) you will need to initialize the session 0 if it does not exist:
On the server behaviors panel, click the plus button and select WA Cookies Toolkit -> Set Session Value.


Trigger: If Session Variable is not defined
Name: loginCount
Value: 0

2) Incerement the session on login attempt:
On the server behaviors panel, click the plus button and select WA Cookies Toolkit -> Set Session Value.


Trigger: Any Form Post
Name: loginCount
Value: click the lightning bolt, and select the loginCount session. The code added will look like:

php:
<?php echo $_SESSION['loginCount']; ?>




change it to:

php:
<?php echo $_SESSION['loginCount'] +1?>



this will add one every time the login form is posted.

3) create a new rule to check the login attempts:
Go to Modify -> Securioty Assist -> Access Rules Manager.

Create new rule:
Name: Max Logins
Conditions: check Allow
Value: Click the lightning bolt and select the loginCount session
Criteria: <
Compare to: 4


4) add the access rule to the login page.
Go to Insert -> WebAssist -> SecurityAssist -> Page Access

select the Max Logins rule.

after the page access rule is applied double check in code view that the session code is before the page access rule code

Sign in to reply to this post

Andrew Read

Hi Jason (or others,)

I am looking to do something similar to this, however, if in this instance if the user exits the browser and comes back they can just start attempting to login again as they will have cleared their session.

Do you have any suggestions as to how to make this more secure? Logging IP address of failed attempts maybe, at least one could track where they are coming from?

I am looking at this from the eyes of an ADDT user - It used to track all this - store failed attempts in the database and lock a user out for an amount of time if they did have too many attempts.

I would also track when a user logged in and from what IP address - this has come handy a number of times when I've tried to track down what user was having an issue with a web application within the secure area.

Thanks for any ideas - or why I don't need to bother is also good. :)

Sign in to reply to this post

Jason ByrnesWebAssist

Since the login count is being tracked in the session, it will automatically be cleared when the browser is closed.


if you wanted to track IP, you could set up a table in the database to track failed attempts.


probably set it up so that when the max number of attempts is reached, it updates the table to store the IP address.


use:
<?php echo((isset($_SERVER["REMOTE_ADDR"]))?$_SERVER["REMOTE_ADDR"]:"") ?>

to get the ip.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...